Announcement

Collapse
No announcement yet.

Potential Reverb Data Breach

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Potential Reverb Data Breach

    FYI. Just received this email-

    "Dear Reverber,

    We take our users’ privacy and security very seriously. Out of an abundance of caution, we wanted to inform you that Reverb recently became aware of an issue relating to user contact information.

    At this time, we believe that contact information, including name, address, phone number, and email, was publicly accessible for a short period of time. We do not have reason to believe that any of this information has been misused, nor do we believe that password or payment information were involved.

    As soon as we learned of this issue, we immediately worked to resolve it. We conducted an investigation of the situation to determine what happened and are taking steps to prevent something like this from happening again.

    As a general reminder, we recommend that you change your Reverb password on a regular basis. If you’d like to update your password you can do so easily from your Account Settings page.

    Your trust is important to us, and we are committed to improving our safety procedures to keep your information secure. Thank you for being a part of the Reverb community.

    The Reverb Team"

    #2
    Ugh. :/

    Comment


      #3
      No passwords, thankfully, it seems. Though, I'll still change mine out.

      Comment


        #4
        Yup I got the same notice. Changed my PW right away.

        Comment


          #5
          Whenever I'm reading science fiction, most recently The Expanse and they're trying to get somewhere in a hurry, I always think to myself "COME ON WE HAVE TO GET OUT OF HERE OR THE SHIP WILL BLOW UP! NOOOOO FIRMWARE UPDATE".

          Now it'll have to be:

          "COME ON WE NEED INSIDE, THE SPACE ZOMBIES ARE COMING. HERE IS MY PASSWORD." "SORRY, WE HAD A DATA BREACH, AND YOUR INFORMATION MAY HAVE BEEN COMPROMISED, PLEASE CHANGE YOUR PASSWORD."

          It'll be interesting to see where the security on sites like this need to go to keep being safe as we go forward.

          Comment


            #6
            Yeap I changed my pass as soon as I saw the email.... man I need to start writing down my Passwords on a physical notebook... its so many website's and whatever that its impossible for to remember 80% of them...

            Comment


              #7
              Originally posted by Leon View Post
              No passwords, thankfully, it seems. Though, I'll still change mine out.
              Change your PW anyway, and honestly if you have a CC attached for billing, might be a good time to change that too.

              More than one breach has started out as "Oh, just some boring info" and progressed to "oopsie doodle it was everything".

              Comment


                #8
                Originally posted by mpexus View Post
                Yeap I changed my pass as soon as I saw the email.... man I need to start writing down my Passwords on a physical notebook... its so many website's and whatever that its impossible for to remember 80% of them...
                I started using 1Password about a month ago, and while it was a pain to get setup (and holy shit, I am signed up to soooo many things), it's really easy to change and store passwords in it.

                Comment


                  #9
                  Originally posted by Leon View Post

                  I started using 1Password about a month ago, and while it was a pain to get setup (and holy shit, I am signed up to soooo many things), it's really easy to change and store passwords in it.

                  Well I need to check something because with age I noticed already that I keep forgetting a lot of shit


                  Comment


                    #10
                    btw, my password on /7/ for literally like 3 years was just "guitar", no quotes. I was fixing some goddamn server thing, had to reset my previously-much-better-protected admin account and tossed that in for a temporary password so I wouldn't have to type "[email protected]#1223XXasfbkah" into a mysql console 9 million times.

                    Then I just never got around to changing it for ages. And all the zillion angry djenters I banned that tried to hack my account all the time never tried it.

                    Comment


                      #11
                      Originally posted by Chris View Post
                      btw, my password on /7/ for literally like 3 years was just "guitar", no quotes. I was fixing some goddamn server thing, had to reset my previously-much-better-protected admin account and tossed that in for a temporary password so I wouldn't have to type "[email protected]#1223XXasfbkah" into a mysql console 9 million times.

                      Then I just never got around to changing it for ages. And all the zillion angry djenters I banned that tried to hack my account all the time never tried it.
                      See, nobody thinks the password will be simple. Genius.

                      Comment


                        #12
                        Originally posted by Chris View Post
                        btw, my password on /7/ for literally like 3 years was just "guitar", no quotes. I was fixing some goddamn server thing, had to reset my previously-much-better-protected admin account and tossed that in for a temporary password so I wouldn't have to type "[email protected]#1223XXasfbkah" into a mysql console 9 million times.

                        Then I just never got around to changing it for ages. And all the zillion angry djenters I banned that tried to hack my account all the time never tried it.

                        My default PIN was 5150 for a long time. Phone/bank/etc etc etc

                        I actually "hacked" powerschool in high school for kicks. That's the grade keeping software most schools use so you can check your grades from home.

                        This was like, mid 2000s, dawn of the usb stick era.

                        I had this one teacher that was kind of a tool. And he would always dare me to do computer things to mock me. He really hated wikipedia, because "anyone could edit it and it spreads lies", of course in these days idiot teacher was obviously wrong, wikipedia is more legit than anything on Fox. Once he started shit talking wikipedia and I said "I'm going to start a wikipedia page on you" so I started a wikipedia page on him and wrote like 2-3 pages. At first he thought it was funny, but I kept adding to it in his class and eventually he bitched to the principle and I had to sit down and explain myself while he glared at me. I explained, "he literally told me to do it, he knew about this the whole time I told him I was going to do it and he was like, 'do it' ". and he pounded his fist down on the table and seethed "THE PART ABOUT THE HUMAN GROWTH HORMONE HEIST WAS OVER THE LINE". I never got disciplined for it. The principle and vice principle let me off because it displayed a "clear talent for creative writing, and since the school didn't have a creative writing class, I had been forced to seek another outlet".

                        He eventually lightened up and apparently now he tells every class the story. There have been one or two times I have met a younger person from the town and they have been like "Holy shit, you are that guy, I've heard about you".

                        Anyways on to the Powerschool thing. A ton of people always forgot to print their shit, so if you had to turn something in some of the less tech savvy teachers would say "plug that into my computer and print it right here".

                        So one day I straight up told him, "You know, you shouldn't let people do that, the school security isn't very good, I bet I could go into program files and copy the entire power school directory on to my flash drive and access it from anywhere".

                        Idiot teacher laughed me off, "You're welcome to try, not only do you have no idea what you are talking about, it is password protected, the school system is cutting edge and was designed by professionals".

                        "Fine I'm doing it"

                        "Do it, I don't care, it won't work"

                        It hilariously did work, his password was just the subject he taught. No joke. I never brought it up again with him, but a bunch of the class knew, and they were all "no way it worked, tell me what grade I got on this assignment", and I would get it right every time. So I got this undeserved reputation as being the greatest hacker of all time, just because the school tech guys are idiots. I could have fucked with everyone's grades, you had to press "update" though, and most info was backed up locally, so I would have had to do it in the small time frame when "final" grades are submitted to administration after the teacher had submitted theirs. I didn't end up doing anything dishonest. I thought about bringing it up to the school, but with the level of incompetency I knew they wouldn't buy the "you can just go into program files and copy the powerschool directory on to a flash drive and access the database from anywhere, you can guess most teachers passwords because they are the subject they teach, all lower case." real explanation and go off on a "HOW DID YOU CRACK OUR CUTTING EDGE SECURITY? WHAT DEVIOUS TOOLS OR FORBIDDEN KNOWLEDGE DO YOU HAVE ACCESS TO?" type thing. I didn't know how to politely tell them "Maybe tell your idiot Math teachers to not make their password 'math', your idiot science teachers to not make their password 'science', etc. "

                        I actually looked after to see if you could access the power school directory from student accounts logged into their remote drives. Yep. You didn't even have to go on to a computer logged into a teacher account, you could access the powerschool directory in program files from a student account.

                        All the teachers were hilariously incompetent. I discovered early on that if you didn't want to write a paper, you could just do the "I don't have a printer at home, but it's on this usb stick, can I print it" the "paper" is just a jpeg, but you change the extension on a jpeg document to a word document, and it would be incomprehensible babble and you could call the teacher over and be like "IT'S NOT PRINTING RIGHT, DAMN THESE TECH ISSUES, MY COMPUTER AT HOME IS INCOMPATIBLE, BUT I DID THE ASSIGNMENT, LOOK AT HOW MANY PAGES OF TEXT THIS IS".

                        I even did this once for a computer class. I did it twice in college too. No one ever caught on.

                        There are three levels of tech literacy. 1) People who actually know shit about how computers work on a technical level 2) People who know basic stuff like how to find "Control Panel" 3) Everyone else. I'm always amazed by how few people there are in 2.

                        Most of the right wing hackers you see in the news recently know fuck all about coding and technical stuff. They are just really good at social engineering tricks like "calling tech support and pretending to be someone else and asking for a password you forgot".

                        Comment


                          #13
                          Originally posted by Greg McCoy View Post

                          There are three levels of tech literacy. 1) People who actually know shit about how computers work on a technical level 2) People who know basic stuff like how to find "Control Panel" 3) Everyone else. I'm always amazed by how few people there are in 2.
                          I find it hilarious that people in group 2 are "power users".

                          Comment


                            #14
                            Originally posted by Mike View Post

                            I find it hilarious that people in group 2 are "power users".
                            Compared to group 3 they are.

                            I had one rich old lady neighbor as a kid who kept calling me over to do "tech support", in spite of the fact that not only am I not qualified, the stuff she wanted done was impossible. She would always insist on calling customer service while I sat there and she would yell at some poor dude in India for 15 minutes straight. She would let them explain stuff for long periods of time too and then only tell them at the end, "I'm sorry, I didn't understand anything you just said, can I speak to your superior?".

                            I don't even know what the most ridiculous case was in all honesty, but once she had a problem and was told by someone else it was probably with her graphics card...

                            ....there was a solid 4 hours of not being able to understand that the graphics card is a physical unit. She thought the graphics card was a drivers license style certification you carried around in your wallet. Like, any computer could do it, you just needed to be registered.

                            She called some dude in India and yelled at him for a solid 45 minutes about how she didn't need a graphics card because this is America.

                            The most bizarre part was the guy was tech support for the brand that made her printer.

                            Comment

                            Working...
                            X